On Ma, 14 apr 20, 07:32:58, Greg Wooledge wrote: > On Mon, Apr 13, 2020 at 07:03:12PM -0400, Lee wrote: > > dnssec just adds a cryptographic signature to the data -- everything > > is still done "in the clear" (like Debian updates. or has buster > > switched to using https for downloading updates?) > > The apt-transport-https package is available, but is not installed > by default. Not required anymore (at least in buster). $ apt show apt-transport-https Package: apt-transport-https Version: 1.8.2 [...] Description: transitional package for https support This is a dummy transitional package - https support has been moved into the apt package in 1.5. It can be safely removed. > The Debian mirrors can be accessed via https, but again, > this is not the default. (I.e. even if you install apt-transport-https, > you still have to edit sources.list to use it.) This is still applicable. > Accessing the mirrors via https makes the packages un-cacheable, which > makes the traffic volume significantly greater -- and the package lists > are already signed, so there's no gain in trustworthiness of the packages. > > Some people may cite "privacy", as in "I don't want them to know which > window manager I use", or something... I do not understand this > argument, frankly. It sounds paranoid to me. Some people might not want to advertise to the world they are using packages like weboob (only in stretch) :) More seriously, there is the argument about using encryption even if not really needed in order to "hide" the cases where it is. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature